First look: Alexander warns on NSA reform – Legislative update: Two steps forward, one step back

Text Size

FIRST LOOK: ALEXANDER WARNS ON NSA REFORM – The USA Freedom Act and other NSA reform legislation could leave the nation more vulnerable to a terrorist attack if they are passed and are driven by members of Congress playing politics rather than by any desire to protect the nation, former NSA Director Keith Alexander told POLITICO in a wide-ranging interview. “I’m concerned that, if you start taking tools away, attacks will get through and there will be another set of congressional members who stand up and say: ‘How did this happen? This is reprehensible.’ And those that lack the backbone, I think, to stand up for it [now] will sway the other way.” After retiring from NSA in late March, Alexander has become the chief defender of his former agency, combatting what he described to POLITICO as the “greatest misrepresentation in the press” that he’s ever seen. “The perception that’s been presented to the American people is inaccurate and it’s unacceptable,” he said. “I believe someone needs to correct that record. If no one else will, I will.” Keep an eye out for the full story posting this morning.

LEGISLATIVE UPDATE: TWO STEPS FORWARD, ONE STEP BACK – The long appropriations march will continue today in the Senate with the full committee markup of the FY15 Homeland Security bill. Meanwhile, there was both progress and delay yesterday on the Hill, as the Senate Homeland Security Committee easily advanced cybersecurity legislation while the Senate Intelligence Committee’s canceled their information sharing bill mark-up. Sen. Barbara Mikulski’s Appropriations Committee has been making efficient work of appropriations so far, and the Homeland Security Subcommittee markup of the FY15 funding bill earlier this week was a short, cordial and bipartisan affair. As a refresher, the bill would give nearly $11 million more to DHS cybersecurity efforts than what was requested, which was slightly above what the House-passed version set aside (http://1.usa.gov/1jLwWUl). That comes up at 10:30 this morning.

On the other hand, today’s tentative markup of Senate Intel’s CISA legislation has been postponed until sometime after recess, as too many members’ travel would have conflicted with a meeting on the legislation. The draft has drawn criticism from both industry groups and privacy advocates, and Congress has its work cut out for it to get the bipartisan bill through committee, the full Senate and through conference with the House-passed CISPA, even with optimism from the likes of Ranking Member Saxby Chambliss and House Intelligence Chairman Mike Rogers. The committee hasn’t set a date for the markup after recess, though it is hopeful it might come up the week after the Fourth, according to an aide.

Legislation did advance from the Senate Homeland Security Committee easily yesterday, also in bipartisan fashion. The National Cybersecurity and Communications Integration Center Act of 2014 (http://politico.pro/1yLJuoI), which would direct the NCCIC to coordinate cybersecurity information sharing throughout the federal government and with the private sector and to conduct analysis of cyber-risks and incidents affecting critical infrastructure, and the Federal Information Security Modernization Act of 2014 (http://politico.pro/1wuVpoF), which would modify and modernize FISMA, while also empowering the department with new authority to issue “binding operational directives,” both passed on a voice vote yesterday.

So as we approachthe Fourth of July recess, with the August recess beginning to come into view, what legislation still has a shot of passage this year? In addition to the headwinds that face every bill in Congress this year — election year politics, partisan fighting and limited time left — cybersecurity bills have been stymied by the residual effects of the Edward Snowden NSA revelations and industry concerns over regulations. There are plenty of options in various states of progress for legislation on cybersecurity, from information sharing, to trade secret protections, to data breach notifications, to FISMA and NCCIC, to workforce bills and appropriations packages — many of which are bipartisan. So what would you place money on being signed into law, if anything, and why? Tell us, and we’ll feature some of the best responses in coming days.

HAPPY THURSDAY and welcome to Morning Cybersecurity, where we wouldn’t mind if there was a collective pause in the news from about noon to 2 p.m. today for a certain soccer match. Maybe this will help: http://bit.ly/1sGp7IY. I wonder if the U.S. and German officials at the cybersecurity bilat today are placing any wagers on the game? As always, send your thoughts, tips and feedback to tkopan@politico.com and follow @talkopan, @POLITICOPro and @MorningCybersec. Full team info is below.

COULD CELLPHONE DECISION HAVE NSA RAMIFICATIONS? – The Supreme Court yesterday issued a unanimous and unequivocal decision that police must acquire a warrant to search individuals’ cellphones when they’re arrested, declaring that a personal mobile device is fundamentally different from anything else a person might carry on them, and even more important to protect than the privacy of the home — traditionally held sacrosanct by the courts. But the ruling is also giving hope to privacy advocates that it may boost their efforts in lawsuits challenging the NSA’s collection of metadata, Josh Gerstein reports. “This is a remarkably strong affirmation of privacy rights in a digital age,” said Marc Rotenberg of the Electronic Privacy Information Center. “The court found that digital data is different and that has constitutional significance, particularly in the realm of [the] Fourth Amendment. … I think it also signals the end of the NSA program.” More, from Josh: http://politi.co/TyeXtR

NO AGENCY TOO SMALL FOR CYBERSECURITY – Small federal agencies are not immune to cyber-risks and some have a long way to go on their security practices, a GAO review released yesterday found. According to the analysis of six small agencies, including the FTC, “many, but not all, of the policies and procedures documented by the six agencies were either outdated, incomplete, or did not exist.” The GAO concluded securing IT systems and personal information was a “challenge” for the agencies looked at (all with 6,000 or fewer employees.) “Although these agencies have implemented elements of an information security program and privacy requirements, weaknesses put agencies’ information systems and the information they contain at risk of compromise.” Among the GAO’s recommendations is that DHS develop services and guidance targeted to improving smaller federal agency cybersecurity. DHS responded that it plans on expanding a new “federal customer service unit” within US-CERT to assist federal civilian agencies, “including small and micro agencies.” The report: http://1.usa.gov/1mqUq5U

ATLANTIC: NATO MUST ADAPT TO CYBER – NATO should open its own cyber exercise range to show it’s serious about cybersecurity, according to a report yesterday from the Atlantic Council on new strategic challenges for the alliance. “Beyond hybrid warfare, NATO also must consider challenges in new domains and by nontraditional actors. Unexpected scenarios include cyberattacks and attacks against space assets held by a NATO member, or a bio attack by an undeclared adversary,” the authors wrote. The NATO toolkit should include technological capabilities, the report argued. Specific recommendations included creating the cyber exercise range (which “would also send an important signal about the Alliance’s seriousness about cyber defense and security, in addition to ensuring cyber experts across the Alliance shared the same levels of expertise”) and creating a senior cyber committee. The report: http://bit.ly/1yOA2Rz

UKRAINE GETS DEFENSE TRUST FUND – Also yesterday, NATO foreign ministers agreed to set-up a trust fund to support Ukraine’s defense in critical areas including cyberdefense capacity building, NATO Secretary General Anders Fogh Rasmussen announced at a press conference, but he did not reveal the trust fund’s value. More: http://bit.ly/1qJvUQh

CYBERSECURITY TO COME UP WITH CHINA – The upcoming strategic and economic dialogue with China will include cybersecurity as a key issue, a State Department official told a Senate panel yesterday. The July meeting in Beijing is one of the few remaining avenues for direct U.S.-China talks after China withdrew from a cyber working group in the wake of May’s indictments of five PLA officials for alleged cyberespionage. Officials plan to “forcefully” raise the issue of commercial cyberespionage during the upcoming dialogue, Assistant Secretary of State for East Asian and Pacific Affairs Daniel Russel told members of the Senate Foreign Relations Committee on Wednesday. The U.S. will “push for the Chinese to take action,” he said.

BAUCUS BERATES BEIJING — But the administration appears to be doubling-down on its aggressive stance. Max Baucus, in his first major address as ambassador to China yesterday, used what some might call undiplomatic language to call out Chinese hacking. "Cyber-enabled theft of trade secrets by state actors in China has emerged as a major threat to our economic, and thus, national security," Baucus told business leaders at the American Chamber of Commerce in China. "We won't sit idly by when a crime is committed in the real world. So why should we when it happens in cyber space?" Reuters has the story from Beijing: http://reut.rs/1o37IFc

HOLDER REACHES OUT TO EUROPE ON PRIVACY – “The United States took another step Wednesday to repairing its battered data security image in the eyes of the European Union post-Edward Snowden and NSA revelations,” Pro Tech’s Jody Serrano reports. Attorney General Eric Holder, told a transatlantic confab in Athens, Greece, that the Obama administration would work with Congress to craft legislation that would give Europeans the right to sue U.S. authorities if they felt their data privacy rights had been violated with regard to information shared with U.S. agencies under an information-sharing deal being wrangled between the EU and US. “This commitment — which has long been sought by the EU — reflects our resolve to move forward not only on the DPPA itself, but on strengthening transatlantic ties,” Holder said. The story: http://politico.pro/1qJW9pN

STUDENT PRIVACY SPLITS LAWMAKERS – The question of how to protect student data divided members of two congressional subcommittees yesterday. Chairman of the Education and the Workforce Subcommittee on Early Childhood, Elementary, and Secondary Education Todd Rokita indicated he was not inclined to pursue federal legislation. “State by state is still the way to go on this,” he said, hailing a new privacy policy developed by Idaho. But his counterpart on the Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies took a different tack, discussing gaps in federal privacy laws. “Nobody wants to try to inhibit [innovation], but I come to this from the perspective of us dealing with issues like the NSA,” said Rep. Patrick Meehan. More: http://politico.pro/1o4PW4r

OUT TODAY — POLITICO Magazine’s LATEST ISSUE — The award-winning magazine debuts its campaign season issue with a special report on money, politics and power in the midst of the New Gilded Age, including a look at the challenges of being gay and Republican in the Bush administration, insight from a Nobel Prize-winning economist and a profile of Obama’s controversial attorney general. Read now: http://politi.co/1u8lQjN